UBUNTU-CVE-2021-23566
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 14 Jan 2022, 20:15
Last modified:20 May 2026, 16:04
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Jan 2022, 20:15
Published
Vulnerability first disclosed
20 May 2026, 16:04
Last Modified
Vulnerability information updated
Description
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Systems
- ubuntu•node-mocha
all | all | all | all | all | all | all
- ubuntu•node-postcss
all | all | all | all | all
References (7)
- https://ubuntu.com/security/CVE-2021-23566
- https://github.com/ai/nanoid/pull/328
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
- https://www.cve.org/CVERecord?id=CVE-2021-23566